How To Configure PBR on EXOS for NAC Integration with Multiple NAC Servers Utilizing Flow Redirect

Objective
This article shows how to use the flow-redirect functionality in EXOS to provide redirection redundancy in environments with multiple EACs (NACs) that require redirection to EAC (NAC) portal pages.

It assumes that you have already configured the Wireless Controllers, VNS Roles and EAC (NAC) as required and recommended for BYOD.
Environment
  • Extreme Access Control (Formerly NAC)
  • EXOS Switch/Router
  • Extreme Wireless
Procedure
1) Configure the flow-redirect commands on the EXOS Switch/Router:
create flow-redirect NAC-Group
configure flow-redirect NAC-Group add nexthop 10.10.10.11 priority 200
configure flow-redirect NAC-Group add nexthop 10.10.10.12 priority 150
configure flow-redirect NAC-Group add nexthop 10.10.10.13 priority 100
configure flow-redirect NAC-Group add nexthop 10.10.10.14 priority 50
configure flow-redirect NAC-Group health-check ping
configure flow-redirect NAC-Group nexthop 10.10.10.11 ping health-check interval 2 miss 2
configure flow-redirect NAC-Group nexthop 10.10.10.12 ping health-check interval 2 miss 2
configure flow-redirect NAC-Group nexthop 10.10.10.13 ping health-check interval 2 miss 2
configure flow-redirect NAC-Group nexthop 10.10.10.14 ping health-check interval 2 miss 2
2) Create the redirection policy on the EXOS Switch/Router (NACRedirect.pol):
   
edit policy NACRedirect.pol
 
Press the i key to enter insert mode

Add the following text as shown below:
 
entry NACRedirect {
    if {
        protocol tcp;
        destination-port 80;
        dscp 16;
    } then {
        redirect-name NAC-Group;
    }
}
 
Press the ESC key to exit insert mode

Type :wq! to save and exit the editor

 
3) Apply the policy to the VLAN on the EXOS Switch/Router:
config access-list NACRedirect vlan WiFiGuest ingress
4) Enable DiffServ examination on the required port or ports on the EXOS Switch/Router:
enable diffserv examination port 1:1
5) Enable iparp refresh on the EXOS Switch/Router:
enable iparp refresh
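
A consistency check for the configuration in steps 1 to 3, as an added example that is not part of the original article or of any Extreme tooling: it cross-references the flow-redirect group, its next hops, their health-check timers and the policy's redirect-name target, so a mistyped address or group name is caught before the policy is applied. The helper name audit and the way the sample text is assembled are assumptions of this example; the commands themselves are the ones shown above.

```python
import re

# Sample input: the commands and policy from the steps above, embedded inline.
NEXTHOPS = {"10.10.10.11": 200, "10.10.10.12": 150, "10.10.10.13": 100, "10.10.10.14": 50}
SAMPLE_CONFIG = "\n".join(
    ["create flow-redirect NAC-Group"]
    + [f"configure flow-redirect NAC-Group add nexthop {ip} priority {p}" for ip, p in NEXTHOPS.items()]
    + ["configure flow-redirect NAC-Group health-check ping"]
    + [f"configure flow-redirect NAC-Group nexthop {ip} ping health-check interval 2 miss 2" for ip in NEXTHOPS]
    + ["config access-list NACRedirect vlan WiFiGuest ingress"])
SAMPLE_POLICIES = {"NACRedirect": "entry NACRedirect { if { protocol tcp; destination-port 80; "
                                  "dscp 16; } then { redirect-name NAC-Group; } }"}

def audit(config, policies):
    """Hypothetical helper: return findings; an empty list means all references line up."""
    groups, applied, findings = {}, [], []
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"create flow-redirect (\S+)", line):
            groups[m[1]] = {"hops": set(), "check": None, "timed": set()}
        elif m := re.fullmatch(r"config(?:ure)? flow-redirect (\S+) (.+)", line):
            g, rest = groups.get(m[1]), m[2]
            if g is None:
                findings.append(f"flow-redirect {m[1]} is configured but never created")
            elif a := re.fullmatch(r"add nexthop (\S+) priority \d+", rest):
                g["hops"].add(a[1])
            elif a := re.fullmatch(r"health-check (\S+)", rest):
                g["check"] = a[1]
            elif a := re.fullmatch(r"nexthop (\S+) ping health-check interval \d+ miss \d+", rest):
                g["timed"].add(a[1])
        elif m := re.fullmatch(r"config(?:ure)? access-list (\S+) vlan \S+ ingress", line):
            applied.append(m[1])
    for name, g in groups.items():
        if g["check"] != "ping":
            findings.append(f"{name}: the 'health-check ping' line from step 1 is missing")
        for ip in sorted(g["timed"] - g["hops"]):
            findings.append(f"{name}: health-check timers set for {ip}, which is not a next hop")
        for ip in sorted(g["hops"] - g["timed"]):
            findings.append(f"{name}: next hop {ip} has no health-check timers")
    for pol in applied:
        # A policy that names a group the switch does not have is the typo this catches.
        for target in re.findall(r"redirect-name\s+(\S+?)\s*;", policies.get(pol, ""), re.I):
            if target not in groups:
                findings.append(f"policy {pol} redirects to unknown flow-redirect {target}")
        if pol not in policies:
            findings.append(f"access-list {pol} is applied but its policy text was not supplied")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_POLICIES) or "no findings")
```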